Report: Outdated browsers put 637m users at risk


A group of researchers on Tuesday said 637 million web users are surfing with outdated internet browsers and are, therefore, at greater risk of web-based attacks.

Using data collected from Google web searches and from security firm Secunia, the researchers — Stefan Frei of ETH Zurich; Thomas Dübendorfer of Google; Gunter Ollmann of IBM ISS; and Martin May of ETH Zurich — analysed browser usage in a report. They aimed to understand why so many recent attacks by criminal hackers have targeted the browser, and why those attacks have been so successful.

Overall, the authors found that roughly 40 percent of users were utilising insecure versions of web browsers. Among the least upgrade-compliant were users of Internet Explorer (IE), which currently dominates the internet-browser market.

The data was collected in mid-June 2008. Of the users, 78 percent employed IE, 16 percent Firefox, three percent Safari, and 0.8 percent Opera. The percentage of these users who were running the latest version of their browser was 52 percent for IE, 92 percent for Firefox, 70 percent for Safari, and 90 percent for Opera.

The authors noted that it has taken IE7, the current Internet Explorer release, 19 months to gain only 52 percent of the entire Internet Explorer audience. Forty-eight percent of the users in the study were either using an old version of IE7 or still had IE6 installed.

Some of this has to do with how the respective suppliers provide updates. IE7 is currently offered as an auto-update with each monthly set of Microsoft security patches, yet a number of people are opting out of the upgrade and still running IE6.

The study did not include use of insecure browser add-ons, such as older versions of Adobe Reader, because the data from Google contained only the browser information.

The study made comparisons to the food industry, arguing that people understand the need to buy the safest foods, but not to use the safest version of browsers. The study asked whether internet browsers, like food, should display expiration dates. The authors provided an example of a browser that displayed in red in the upper-right-hand corner: "145 days expired, three updates missed."

However, unlike in the food industry, there is no liability for software vendors. And, the authors noted, software vendors are not legally obliged to provide software updates.

Talkback

Some of the blame for the large proportion of surfers using outdated versions of IE has to be laid at Microsoft's door. IE7 is not available to those of us still running Windows 2000.

79196 2 Jul 08 10:22 Reply

One reason for this could be that hacked copies of XP which do not get past M/S security cannot update to IE7. It may reflect just how many hacked copies are out there.

tanker12uk 2 Jul 08 11:36 Reply

I would like to see how many of the people that haven't upgraded have either dial-up connections or slow unstable broadband. I think you would find that they go hand in hand. I know my folks never update their system, because all they have is dial-up. I mean if you had dial-up would you upgrade?

spartus4 4 Jul 08 04:30 Reply

I have tried to do that for a number of my customers. In the end it was cheaper to do it by either taking the unit back to my base or, believe it or not, via mobile connection, as most of the ISPs here won't hold the connection long enough to get the upgrade.

tanker12uk 4 Jul 08 10:50 Reply

I use Firefox, which I prefer to IE7. I was a beta tester and hit many issues with IE7 which has rather put me off installing it. Occasionally I have to use the IE6 rendering engine with Firefox (using IE Tab) either because the page won't display correctly in Firefox, or because it uses ActiveX controls. Presumably this would flag me as an IE6 user. If so, a reluctant one!

38895 4 Jul 08 11:08 Reply

Considering IE7 was built on the IE6 engine I don't really see any advantage to upgrading, security is not that much better. They have just copied some of Firefox's features to try to keep pace.

ator1940 7 Jul 08 14:04 Reply

It's always easy to blame the vendor but in this instance, I don't see why it's Microsoft's fault that some users won't update their browsers. The updates are there, users know where to find them and in some cases are notified of them. What more can they do? Force users to upgrade?
They don't make any money on browsers, so don't expect a huge marketing push.
In my opinion by making the updates available and notifying you, they've done enough.

harpless 7 Jul 08 18:51 Reply

Perhaps that's why Bill's leaving...before it all comes grinding to a halt!

'Hey, ya can't blame me, I don't run the place anymore.'

TFD

thinkfeeldo 8 Jul 08 05:12 Reply

I have access to stats for over 50 sites covering a range of genres and have never seen less than 25% Firefox users in the last 6 months. In fact in most cases it's around 34%. Agree with the figures for percentage of IE7 to IE6 users though. On tech sites there are usually more IE7 users than IE6 and on non-tech sites it is usually IE6 that has its nose in front, but in each case it's pretty even between the two.

I don't think it's Microsoft's responsibility to force users to upgrade. They have IE7 as the default browser on their latest OS and prevented the install of IE6 and have included IE7 as a free update or manual download.

The only way I see IE6 users finally being forced to update is either:
1) Widespread attacks on the less secure browser, scaring users into updating.
2) Web developers stop supporting it (most sites require some tweaking to get them to render in IE6 correctly; when this stops, people will eventually have enough of looking at broken pages and will upgrade).
3) Microsoft stops selling XP and users are eventually forced onto Vista or a newer OS which will not support IE6.

I personally hate IE6 users as I have to spend so much time tweaking just for them and cannot use some cool new features/tricks that other browsers support because IE doesn't. IE6 users are holding back the web.

David Long 9 Jul 08 10:33 Reply
